[cryptography] Client certificates, Tor-exit nodes and renegotiation
guido at witmond.nl
Fri Mar 14 18:09:53 EDT 2014
On 03/14/14 17:48, Tom Ritter wrote:
> Yes - sending client certificates over Tor will de-anonymize in the
> same way that sending your real name or username over HTTP over Tor
> will de-anonymize you. Personally I consider this a flaw of TLS, not
> Tor, which does not protect the client certificate from either a
> passive or active adversary. There were some proposals to move client
> certificates further into the handshake, and protect them against a
> passive and/or active adversary (depending on proposal) - but they did
> not have much traction and then Snowden happened and everyone is
> focused on TLS 1.3.
Thanks for confirming.
Ironically, a lousy password over TLS and Tor is safer than a strong client
certificate and Tor...
It seems that 1.3 addresses these problems entirely.
> A nit: when you say every "system on-route to the server", I assume
> you mean between the exit node and the HTTPS endpoint, in which case
> yes. If you mean every Tor intermediate node, then no.
Sorry, yes, I meant from the exit node towards the server.
> Using TLS-renegotiation to send the client certificate inside an
> already-server-authenticated channel seems like it would work to me -
> I have not tried doing it with any library.
I'll give it a try.
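As an added illustration, not part of this thread and not code either participant posted: a small Python model of what a passive observer sitting between the exit node and the server can read from the client's side of a TLS stream. It treats handshake records as readable until a ChangeCipherSpec is seen, which is why a TLS 1.2 Certificate message sent in the initial handshake is recovered in full, while the same certificate sent during a renegotiation inside the already-established channel, or inside a TLS 1.3 handshake (where everything after ClientHello travels in encrypted application_data records), is not. All byte strings below are constructed sample data, not real captures or certificates.

```python
import struct

# TLS record-layer content types and the handshake message types used below
CHANGE_CIPHER_SPEC = 20
HANDSHAKE = 22
APPLICATION_DATA = 23
HS_CLIENT_HELLO = 1
HS_CERTIFICATE = 11
HS_CLIENT_KEY_EXCHANGE = 16
TLS12 = 0x0303


def record(ctype, payload, version=TLS12):
    """Wrap a payload in a TLS record header: type, version, uint16 length."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


def handshake(hs_type, body):
    """Wrap a body in a handshake header: type, uint24 length."""
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body


def certificate_message(certs):
    """TLS 1.2 Certificate body: uint24 total length, then uint24-prefixed DER entries."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    return len(entries).to_bytes(3, "big") + entries


def parse_records(stream):
    """Yield (content_type, payload) per record; reject truncated input."""
    off = 0
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack("!BHH", stream[off:off + 5])
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body")
        yield ctype, payload
        off += 5 + length


def parse_certificate_body(body):
    """Split a TLS 1.2 Certificate body into its DER certificate entries."""
    total = int.from_bytes(body[0:3], "big")
    certs, off = [], 3
    while off < 3 + total:
        clen = int.from_bytes(body[off:off + 3], "big")
        certs.append(body[off + 3:off + 3 + clen])
        off += 3 + clen
    return certs


def certificates_in_clear(stream):
    """DER certificates a passive observer can read from one direction of a stream.

    Handshake records are plaintext until ChangeCipherSpec; after that, and for
    TLS 1.3 application_data records, the observer only sees opaque bytes.
    """
    found, encrypted = [], False
    for ctype, payload in parse_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True
            continue
        if ctype != HANDSHAKE or encrypted:
            continue
        off = 0
        while off + 4 <= len(payload):  # one record may carry several messages
            hs_type = payload[off]
            hs_len = int.from_bytes(payload[off + 1:off + 4], "big")
            body = payload[off + 4:off + 4 + hs_len]
            if hs_type == HS_CERTIFICATE:
                found.extend(parse_certificate_body(body))
            off += 4 + hs_len
    return found


# Constructed sample data: not a real certificate, just a recognisable byte string.
FAKE_CLIENT_CERT = b"\x30\x82\x00\x00CONSTRUCTED-DER-CLIENT-CERT"
CLIENT_HELLO = handshake(HS_CLIENT_HELLO, b"\x03\x03" + bytes(32) + b"\x00")

# TLS 1.2, client cert in the initial handshake: Certificate precedes ChangeCipherSpec.
TLS12_INITIAL = (
    record(HANDSHAKE, CLIENT_HELLO)
    + record(HANDSHAKE, handshake(HS_CERTIFICATE, certificate_message([FAKE_CLIENT_CERT]))
             + handshake(HS_CLIENT_KEY_EXCHANGE, bytes(48)))
    + record(CHANGE_CIPHER_SPEC, b"\x01")
    + record(HANDSHAKE, bytes(40))  # encrypted Finished, opaque to the observer
)

# TLS 1.2 with renegotiation: no cert in the first handshake; the second handshake
# (which carries the Certificate) runs inside the already-encrypted channel.
TLS12_RENEGOTIATED = (
    record(HANDSHAKE, CLIENT_HELLO)
    + record(HANDSHAKE, handshake(HS_CLIENT_KEY_EXCHANGE, bytes(48)))
    + record(CHANGE_CIPHER_SPEC, b"\x01")
    + record(HANDSHAKE, bytes(40))
    + record(HANDSHAKE, bytes(200))  # encrypted renegotiation handshake incl. Certificate
)

# TLS 1.3: everything after ClientHello is encrypted and carried as application_data.
TLS13_FLIGHT = (
    record(HANDSHAKE, CLIENT_HELLO)
    + record(APPLICATION_DATA, bytes(200))  # encrypted Certificate/CertificateVerify/Finished
)

if __name__ == "__main__":
    for name, flight in [("TLS 1.2 initial", TLS12_INITIAL),
                         ("TLS 1.2 renegotiated", TLS12_RENEGOTIATED),
                         ("TLS 1.3", TLS13_FLIGHT)]:
        print(name, "- certs visible to a passive observer:", len(certificates_in_clear(flight)))
```

The model covers only a passive on-path observer, which is the exposure the thread is mainly about; it says nothing about an active adversary that can interfere with the handshake, and the encrypted records are stand-in byte strings rather than output of a real cipher suite.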